Generally, a computer application's data is in one of three states: data at rest, data at transit, or data at operation. For example, as illustrated in FIG. 1, data stored in long-term storage at a client device 10 or at a server device 12 is data in a state of rest 14. Similarly, data being exchanged over a network 18 between the client device 10 and the server device 12 is data at transit 16. A variety of technologies and techniques exist for controlling and protecting data at rest and data at transit. For example, data at rest is often protected by a file system's user access policy. Furthermore, various techniques exist for encrypting data at rest, thereby preventing unauthorized access to the data. Similarly, network access policies and virtual private networks exist to control access to and protect data at transit. Encryption techniques, such as secure sockets layer (SSL) also help to protect data at transit.
Although data at rest and data at transit are well protected, it is often the case that data at operation are not well protected. For example, in an on-line shopping application, data representing a shopping list may be encrypted when the data are sent from a shopping cart device to a store server (e.g., in transit), and the corresponding transaction record may be well protected at the store database (e.g., at rest). However, during the shopping session, a user's input to the shopping list at the local computer may be wide open to third-party snooping. Similarly, a confirmation message received from the store server, which acknowledges and provides details of the transaction, may also be wide open to third-party snooping. In another example, with a remote medical diagnosis application, a patient's personal and medical information may be well protected by authentication, access control and encryption, when such data is at rest or in transit. Nonetheless, such information when processed and displayed by the application on the local device may be exposed to third-party prying. Accordingly, improved techniques for protecting operational data are desirable.